Product Bulletins

Bulletin Summary
180606
Aug 3, 2018

February 2018 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering, Stratum 2 or interleave mode.  This bulletin also has recommendations for securing your NTP clients.

180104
Jan 4, 2018

January 2018 Meltdown and Spectre Vulnerabilities
The Google Project Zero team announced three cpu vulnerabilities.
EndRun's Sonoma, Meridian II, Tycho II, RTM3205 and Distribution Chassis products are not affected. 

170328
Mar 28, 2017

March 2017 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering or Stratum 2. This bulletin also has recommendations for securing your NTP clients.

161205
Dec 5, 2016

November 2016 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you changed the factory configuration to allow remote control, peering, traps, or rate limiting.

160606
Jun 6, 2016

June 2016 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering or Stratum 2. This bulletin also has recommendations for securing your NTP clients.

160321
Mar 21, 2016

GNU glibc Vulnerability to Crafted DNS Responses
CVE-2015-7547.
EndRun's Sonoma, Meridian II, Tycho II, and Distribution Chassis are unaffected.  Legacy products are vulnerable.

151026
Oct 26, 2015

October 2015 NTP Security Vulnerability Announcement
The NTP Project announced a list of vulnerabilities.
EndRun Time Servers may be affected if you use peering or Stratum 2. This bulletin also has recommendations for securing your NTP clients.

150414
Apr 14, 2015

NTP Client/Peering Vulnerabilities
CVE-2015-1798, 1799
EndRun Time Servers may be affected if you use peering.

150130
Jan 30, 2015

Linux Ghost Vulnerability
CVE-2015-0235
EndRun products are affected.

141222
Dec 22, 2014

NTP Remote Query and Crypto Vulnerabilities
CVE-2014-9293, 9294, 9295, 9296
EndRun Time Servers are affected.

140926
Sep 26, 2014

Linux Bash Shellshock Vulnerability
CVE-2014-6271, 6277, 6278, 7169
Most EndRun products are affected.  See Security Bulletin for details.

140409
Apr 9, 2014

OpenSSL Heartbleed Vulnerability
CVE-2014-0160
EndRun products are NOT affected.

140110
Jan 10, 2014

NTP Monlist Vulnerability
CVE-2013-5211
Some EndRun products are vulnerable.

Bulletin Summary
180427
Apr 27, 2018

GPS-Synchronized: Sonoma, Tempus LX, Unison, Meridian, Tycho, RTM3204, Tempus Gntp, Praecis Gntp, Praecis Gfr
GPS week rollover event on April 7, 2019.
Note: Meridian II, Tycho II, RTM3205 are unaffected by this event. Sonoma shipped after June 2017 is also unaffected.

160218
Feb 18, 2016

Tempus LX, Unison, Meridian, Tycho, RTM3204,
Praecis Gntp, Tempus Gntp (GPS-Synchronized)

Time fault alarm due to improper GPS receiver week rollover at 00:00:00 UTC February 14, 2016.

160126
Jan 26, 2016

Sonoma, Tempus LX, Unison, Meridian, Tycho
(GPS-Synchronized)

Potential 13-microsecond offset due to GPS system anomaly.

151026
Oct 26, 2015

Sonoma, Tempus LX, Unison, Meridian,
Meridian II, Tycho II

NTP Vulnerabilities identified by the NTP Project.

141222-01
Dec 22, 2014

Sonoma
NTP Vulnerability: ntpq, ntpdc, crypto.

141222-02
Dec 22, 2014

Tempus LX, Meridian, Unison
NTP Vulnerability: ntpq, ntpdc, crypto.

141222-03
Dec 22, 2014

Praecis Cntp, Praecis Gntp, Tempus Cntp, Tempus Gntp
NTP Vulnerability: ntpq, ntpdc, crypto.

140926-01
Sep 26, 2014

Sonoma
Shellshock Vulnerability.

140926-02
Sep 26, 2014

Tempus LX, Meridian, Unison, Tycho
Shellshock Vulnerability.

140926-03
Sep 26, 2014

Praecis Cntp, Praecis Gntp, Tempus Cntp, Tempus Gntp
Shellshock Vulnerability.

140110-01
Jan 10, 2014

Sonoma
NTP Vulnerability: monlist, ntpq, ntpdc.

140110-02
Jan 10, 2014

Tempus LX, Meridian, Unison
NTP Vulnerability: monlist, ntpq, ntpdc.

140110-03
Jan 10, 2014

Praecis Cntp, Praecis Gntp, Tempus Cntp, Tempus Gntp
NTP Vulnerability: monlist, ntpq, ntpdc.

131216
Dec 16, 2013

Sonoma
SNMP MIB correction.

130930
Sep 30, 2013

Tempus LX, Meridian, Unison, Tycho
IPv6 syslog-ng memory usage.

110825-01
Aug 25, 2011

Praecis II
CDMA carrier in South Korea changed frequencies.

110825-02
Aug 25, 2011

Praecis Ce, Praecis Cf, Praecis Ct
CDMA carrier in South Korea changed frequencies.

110825-03
Aug 25, 2011

Tempus LX and Unison (CDMA only)
CDMA carrier in South Korea changed frequencies.

100118
Jan 18, 2010

Tempus LX, Unison, Meridian, Tycho, RTM3204 (GPS only)
Operation without GPS Antenna connected for long periods.

100105-01
Jan 5, 2010

Tempus LX, Unison, Meridian, Tycho, RTM3204
Unprivileged user log-in expired.

100105-02
Jan 5, 2010

Praecis Cntp, Praecis Gntp, Tempus Cntp, Tempus Gntp
Unprivileged user log-in expired.

071030
Nov 1, 2007

Tempus LX, Meridian (with Rubidium Oscillators only)
Some product covers need replacement.

Bulletin Summary
170101
Jan 1, 2017

Sonoma, Meridian II, Tycho II, Tempus LX, Unison, Meridian, Tycho, Praecis

160707
Jul 7, 2016

Sonoma, Meridian II, Tycho II, Tempus LX, Unison, Meridian, Tycho, Praecis

150701
Jul 1, 2015

Sonoma, Tempus LX, Unison, Meridian, Tycho, Praecis

150106
Jan 6, 2015

Sonoma, Tempus LX, Unison, Meridian, Tycho, Praecis

Bulletin Summary
190206
Jan 24, 2019

Distribution Chassis:
FDC3300, PDC3301, FDC3302, TDC3303

150608
Jun 8, 2015

Meridian CDMA Frequency Reference
Tycho CDMA Frequency Reference

150223
Feb 23, 2015

Tycho GPS Frequency Reference

150219
Feb 19, 2015

Meridian Precision GPS TimeBase

141215
Dec 15, 2014

RTM3204 GPS Timing Module

130920
Sep 20, 2013

Unison Network Time Server

130603
Jun 3, 2013

Tempus LX Network Time Server